iPhone security flaw bypasses password protection

Posted on 26-Oct-2010 by Point Blank Technologies

Apple is often viewed as being more secure than most, but how many of us think our iPhone is secure when we put a password on it? Think again. The latest security issue involves iOS 4.1 and the ability to bypass password protection to gain access to contacts and phone functionality.

Usually, security flaws have been associated with “jail-broken” phones, which bypass the Apple security model. However, I have verified this vulnerability using an iPhone 3G and iPhone 3Gs, both running iOS 4.1, and neither of them were jail-broken.

So, how does it work? Here’s the steps:

  • Press “emergency call” from the Password screen
  • Push the pound key three times
  • Hold down the green key, and the moment you let it go, you push the lock (power) button.

It may take you a few tries to get it just right, but by unlocking the phone in this manner, you gain access to all of the information available when the device is in “phone mode”. This means you can see who is saved as Favorites, recent calls, all contacts, the keypad (to dial any other number), and voicemail.

It appears that you do NOT gain access to any other applications on the device. However, the “auto lock” feature is disabled, and the phone will not lock on its own if you have a preset time (i.e. two minutes).

There are two different ways to get out of this mode. The first is to power off the device by holding down the lock/power button until the “slide to power off” control appears. Power down the device, and then turn the device back on as you normally would. The second method is to place a call. The phone returns to locked mode once a single call is completed, and can be unlocked using your password.

This vulnerability emphasizes the need to maintain physical control over your mobile devices, regardless of how secure you think they may be. It should also serve as a good reminder to keep your software patched as well, because Apple will (hopefully) be issuing an update in the near future to correct this issue.

More Info:
Careful, iPhone Owners: Simple Backdoor Lets Anyone Bypass Password Protection
iOS 4.1 Security Issue – Bypassing the Lock Screen to Make Calls

This entry was posted in News, Security. Bookmark the permalink.

Comments are closed.